ifq_hdatalen should keep the mbuf it's looking at, not leak it.
ie, use ifq_deq_rollback after looking at the head mbuf instead of
this is used in tun/tap, where it had the effect that you'd get the
datalen for the packet, and then when you try to read that many
bytes it had gone. cool and normal.
this was found by a student who was trying to do just that. i've
always just read the packet into a large buffer.
check that software de/encrypt is possible: under hardware
offload, it needn't be. the stack must otherwise rely on every
offloading driver correctly handling all frames governed by a